原創作品,允許轉載,轉載時請務必以超鏈接形式標明文章 原始出處 、作者信息和本聲明。否則將追究法律責任。http://jedy82.blog.51cto.com/425872/1628085
LVS的分類
LVS-DR: 直接路由,此種方式是最常用的方式,所有的Director和RealServer都在同一個物理網絡中(交換機)並且都只有一塊網卡。
LVS-NAT:地址轉換,數據包來回都要經過NAT轉換,所以Director Server(即LVS服務器)將成爲系統瓶頸。使用NAT模式將需要兩個不同網段的IP,一個IP接受外部請求服務,一般爲外網ip,此IP稱爲VIP,一個IP與後端realserver同一地址段,負責相互通信,稱爲DIP。後端realserver的網關地址需指向DIP。同時需開啓linux內核的數據包轉發功能。
LVS-TUN:隧道 ,LVS/TUN與 LVS/DR 類似。只是在報文外面再加一層IP封裝,整個過程比LVS/DR模式多一次報文的封裝/解封過程。LVS/DR只支持本地網絡,LVS/TUN卻可以跨機房。
一、說明
目的:使用LVS對兩臺web服務器進行負載設置,本方暫不涉及LVS本身的HA設置
VIP:10.10.6.200
DIP:10.10.6.201
web1:10.10.6.211
web2:10.10.6.212
操作系統:CentOS release 6.6 (Final)
關閉了selinux和iptables
[root@Web1 ~]# getenforce Disabled [root@Web1 ~]# chkconfig iptables off [root@Web1 ~]# service iptables stop [root@Web1 ~]#
二、安裝配置web服務(以web1爲例,web2相同)
(一)安裝apache和php
[root@Web1 ~]# yum install httpd php php-fpm [root@Web1 ~]# vi /etc/httpd/conf/httpd.conf ServerName :80 [root@Web1 ~]# service httpd restart [root@Web1 ~]# service php-fpm restart [root@Web1 ~]# [root@Web1 ~]# more /var/www/html/phpinfo.php <?php phpinfo() ?> [root@Web1 ~]# [root@Web1 ~]# more /var/www/html/index.html \\web2 這裏全部要做相應的修改 <html> <head> <title>web1</title> </head> <body> hostname: Web1<br>ip : 10.10.6.211 </body> </html> [root@Web1 ~]#
(二)測試web站點:
http://10.10.6.211/phpinfo.php
http://10.10.6.212/phpinfo.php
http://10.10.6.211
三、LVS配置(DR、NAT、TUN三種模式任選其一)
(一)安裝ipvsadm
[root@LVS-master ~]# yum install ipvsadm [root@LVS-master ~]# chkconfig ipvsadm on [root@LVS-master ~]# service ipvsadm start [root@LVS-master ~]# ipvsadm IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn [root@LVS-master ~]#
(二)DR模式配置(最常用)
在eth0:0上設置對外提供的地址
[root@LVS-master ~] # ifconfig eth0:0 10.10.6.200 netmask 255.255.255.255 broadcast 10.10.6.200 up
設置路由
[root@LVS-master ~]# route add -host 10.10.6.200 dev eth0:0 [root@LVS-master ~]# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.10.6.200 * 255.255.255.255 UH 0 0 0 eth0 10.10.6.0 * 255.255.255.0 U 0 0 0 eth0 link-local * 255.255.0.0 U 1002 0 0 eth0 default 10.10.6.254 0.0.0.0 UG 0 0 0 eth0 [root@LVS-master ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:56:AE:32:1E inet addr:10.10.6.201 Bcast:10.10.6.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:feae:321e/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:73055 errors:0 dropped:0 overruns:0 frame:0 TX packets:7458 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:4799348 (4.5 MiB) TX bytes:779840 (761.5 KiB) eth0:0 Link encap:Ethernet HWaddr 00:50:56:AE:32:1E inet addr:10.10.6.200 Bcast:10.10.6.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:48 errors:0 dropped:0 overruns:0 frame:0 TX packets:48 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2522 (2.4 KiB) TX bytes:2522 (2.4 KiB) [root@LVS-master ~]# [root@LVS-master ~]# ipvsadm -A -t 10.10.6.200:80 -s rr
【添加ipvsadm條目,-A表示追加條目,-t表示使用tcp協議,-s rr表示使用輪詢算法】
[root@LVS-master ~] # ipvsadm -a -t 10.10.6.200:80 -r 10.10.6.211 -g
【-a表示追加規則,-t表示使用tcp協議,-r表示real-server,-g表示使用DR模型】
[root@LVS-master ~]# ipvsadm -a -t 10.10.6.200:80 -r 10.10.6.212 -g [root@LVS-master ~]# ipvsadm IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 10.10.6.200:http rr -> 10.10.6.211:http Route 1 0 0 -> 10.10.6.212:http Route 1 0 0 [root@LVS-master ~]#
設置網卡只對有eth0網卡上的ip地址做通告
[root@Web1 ~]# [root@Web1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore [root@Web1 ~]# echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore [root@Web1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce [root@Web1 ~]# echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
在lo上設置集羣服務的ip地址和路由[root@Web1 ~]# ifconfig lo:0 10.10.6.200 netmask 255.255.255.255 broadcast 10.10.6.200 [root@Web1 ~]# route add -host 10.10.6.200 dev lo:0 [root@Web1 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:56:AE:70:6E inet addr:10.10.6.211 Bcast:10.10.6.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:feae:706e/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:74398 errors:0 dropped:0 overruns:0 frame:0 TX packets:7263 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:11103638 (10.5 MiB) TX bytes:1076981 (1.0 MiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:106 errors:0 dropped:0 overruns:0 frame:0 TX packets:106 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:95140 (92.9 KiB) TX bytes:95140 (92.9 KiB) lo:0 Link encap:Local Loopback inet addr:10.10.6.200 Mask:255.255.255.255 UP LOOPBACK RUNNING MTU:65536 Metric:1 [root@Web1 ~]# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.10.6.200 * 255.255.255.255 UH 0 0 0 lo 10.10.6.0 * 255.255.255.0 U 0 0 0 eth0 link-local * 255.255.0.0 U 1002 0 0 eth0 default 10.10.6.254 0.0.0.0 UG 0 0 0 eth0 [root@Web1 ~]#
http://10.10.6.200
第一次訪問
第二次訪問
第三次訪問
第四次訪問
LVS /DR 模式設置成功
[root@LVS-master ~]# vi dr.sh
[root@LVS-master ~]# more dr.sh
#!/bin/bash
#
# LVS script for VS/DR
#
. /etc/rc.d/init.d/functions
#
VIP=10.10.6.200
RIP1=10.10.6.211
RIP2=10.10.6.212
PORT=80
#
case "$1" in
start)
/sbin/ifconfig eth0:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev eth0:0
# Since this is the Director we must be able to forward packets
echo 1 > /proc/sys/net/ipv4/ip_forward
# Add an IP virtual service for VIP 10.10.6.200 port 80
# In this recipe, we will use the round-robin scheduling method.
# In production, however, you should use a weighted, dynamic scheduling method.
/sbin/ipvsadm -A -t $VIP:80 -s rr
# Now direct packets for this VIP to
# the real server IP (RIP) inside the cluster
/sbin/ipvsadm -a -t $VIP:80 -r $RIP1 -g
/sbin/ipvsadm -a -t $VIP:80 -r $RIP2 -g
/bin/touch /var/lock/subsys/ipvsadm &> /dev/null
;;
stop)
# Stop forwarding packets
echo 0 > /proc/sys/net/ipv4/ip_forward
# Reset ipvsadm
/sbin/ipvsadm -C
# Bring down the VIP interface
/sbin/ifconfig eth0:0 down
/sbin/route del $VIP
/bin/rm -f /var/lock/subsys/ipvsadm
echo "ipvs is stopped..."
;;
status)
if [ ! -e /var/lock/subsys/ipvsadm ]; then
echo "ipvsadm is stopped ..."
else
echo "ipvs is running ..."
ipvsadm -L -n
fi
;;
*)
echo "Usage: $0 {start|stop|status}"
;;
esac
[root@LVS-master ~]#
[root@LVS-master ~]# chmod +x dr.sh
[root@LVS-master ~]# ./dr.sh status
ipvs is running ...
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.6.200:80 rr
-> 10.10.6.211:80 Route 1 0 5
-> 10.10.6.212:80 Route 1 0 5
[root@LVS-master ~]#
[root@LVS-master ~]# ./dr.sh stop
SIOCDELRT: No such process
ipvs is stopped...
[root@LVS-master ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
[root@LVS-master ~]# ./dr.sh start
[root@LVS-master ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.10.6.200:http rr
-> 10.10.6.211:http Route 1 0 0
-> 10.10.6.212:http Route 1 0 0
[root@LVS-master ~]#
[root@LVS-master ~]# echo "/root/dr.sh start" >>/etc/rc.local
[root@LVS-master ~]#【web服務器上 封裝DR】
[root@Web1 ~]# vi dr-rs.sh
[root@Web1 ~]# more dr-rs.sh
#!/bin/bash
#
# Script to start LVS DR real server.
# description: LVS DR real server
#
. /etc/rc.d/init.d/functions
VIP=10.10.6.200
host=`/bin/hostname`
case "$1" in
start)
# Start LVS-DR real server on this machine.
/sbin/ifconfig lo down
/sbin/ifconfig lo up
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev lo:0
;;
stop)
# Stop LVS-DR real server loopback device(s).
/sbin/ifconfig lo:0 down
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
;;
status)
# Status of LVS-DR real server.
islothere=`/sbin/ifconfig lo:0 | grep $VIP`
isrothere=`netstat -rn | grep "lo:0" | grep $VIP`
if [ ! "$islothere" -o ! "isrothere" ];then
# Either the route or the lo:0 device
# not found.
echo "LVS-DR real server Stopped."
else
echo "LVS-DR real server Running."
fi
;;
*)
# Invalid entry.
echo "$0: Usage: $0 {start|status|stop}"
exit 1
;;
esac
[root@Web1 ~]# chmod +x dr-rs.sh
[root@Web1 ~]# ./dr-rs.sh status
LVS-DR real server Running.
[root@Web1 ~]# ./dr-rs.sh stop
[root@Web1 ~]# ./dr-rs.sh start
[root@Web1 ~]#
[root@Web1 ~]# echo "/root/dr-rs.sh start" >>/etc/rc.local
[root@Web1 ~]#(三)NAT模式配置
增加一塊網卡,作爲外網網卡,ip爲 192.168.0.200,此ip即爲對外的VIP,並將默認網關設置成VIP段的網關,本地的內網ip不設置網關
[root@LVS-master ~]# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.200 * 255.255.255.0 U 0 0 0 eth1 10.10.6.0 * 255.255.255.0 U 0 0 0 eth0 link-local * 255.255.0.0 U 1002 0 0 eth0 link-local * 255.255.0.0 U 1003 0 0 eth1 default 192.168.0.1 0.0.0.0 UG 0 0 0 eth1 [root@LVS-master ~]# [root@LVS-master ~]# cat /proc/sys/net/ipv4/ip_forward 0 [root@LVS-master ~]# echo 1 > /proc/sys/net/ipv4/ip_forward [root@LVS-master ~]# cat /proc/sys/net/ipv4/ip_forward 1 [root@LVS-master ~]# [root@LVS-master ~]# ipvsadm -A -t 192.168.0.200:80 -s rr 【添加ipvsadm條目,-A表示追加條目,-t表示使用tcp協議,-s rr表示使用輪詢算法】 [root@LVS-master ~]# ipvsadm -a -t 192.168.0.200:80 -r 10.10.6.211 -m 【-a表示追加規則,-t表示使用tcp協議,-r表示real-server,-m表示使用NAT模型】 [root@LVS-master ~]# ipvsadm -a -t 192.168.0.200:80 -r 10.10.6.212 -m [root@LVS-master ~]# ipvsadm IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.0.200:http rr -> 10.10.6.211:http Masq 1 0 1 -> 10.10.6.212:http Masq 1 0 1 [root@LVS-master ~]#
更改後端realserver的網關(以web1爲例,web2相同)
[root@Web1 ~]# route add default gw 10.10.6.201;route del default gw 10.10.6.254 [root@Web1 ~]# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.10.6.0 * 255.255.255.0 U 0 0 0 eth0 link-local * 255.255.0.0 U 1002 0 0 eth0 default 10.10.6.201 0.0.0.0 UG 0 0 0 eth0 [root@Web1 ~]#
【測試】
第一次訪問
第二次訪問
[root@LVS-master ~]# ipvsadm -Lc IPVS connection entries pro expire state source virtual destination TCP 00:10 TIME_WAIT 192.168.0.201:24093 192.168.0.200:http 10.10.6.211:http TCP 00:26 TIME_WAIT 192.168.0.201:24539 192.168.0.200:http 10.10.6.212:http [root@LVS-master ~]#
LVS /NAT 模式設置成功
4.相關腳本
[root@LVS-master ~]# vi nat.sh
[root@LVS-master ~]# more nat.sh
#!/bin/bash
#
# chkconfig: - 88 12
# description: LVS script for VS/NAT
#
. /etc/rc.d/init.d/functions
#
VIP=192.168.0.200
DIP=10.10.6.201
RIP1=10.10.6.211
RIP2=10.10.6.212
#
case "$1" in
start)
# /sbin/ifconfig eth0:0 $VIP netmask 255.255.255.0 up
# Since this is the Director we must be able to forward packets
echo 1 > /proc/sys/net/ipv4/ip_forward
# Clear all ipvsadm rules/services.
/sbin/ipvsadm -C
# Add an IP virtual service for VIP 192.168.0.200 port 80
# In this recipe, we will use the round-robin scheduling method.
# In production, however, you should use a weighted, dynamic scheduling method.
/sbin/ipvsadm -A -t $VIP:80 -s rr
# Now direct packets for this VIP to
# the real server IP (RIP) inside the cluster
/sbin/ipvsadm -a -t $VIP:80 -r $RIP1 -m
/sbin/ipvsadm -a -t $VIP:80 -r $RIP2 -m
/bin/touch /var/lock/subsys/ipvsadm.lock
;;
stop)
# Stop forwarding packets
echo 0 > /proc/sys/net/ipv4/ip_forward
# Reset ipvsadm
/sbin/ipvsadm -C
# Bring down the VIP interface
# ifconfig eth0:0 down
rm -rf /var/lock/subsys/ipvsadm.lock
;;
status)
[ -e /var/lock/subsys/ipvsadm.lock ] && echo "ipvs is running..." || echo "ipvsadm is stopped..."
;;
*)
echo "Usage: $0 {start|stop}"
;;
esac
[root@LVS-master ~]#
[root@LVS-master ~]# chmod +x nat.sh
[root@LVS-master ~]# ./nat.sh start
[root@LVS-master ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.0.200:http rr
-> 10.10.6.211:http Masq 1 0 0
-> 10.10.6.212:http Masq 1 0 0
[root@LVS-master ~]# ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.0.200:http rr
-> 10.10.6.211:http Masq 1 0 4
-> 10.10.6.212:http Masq 1 0 4
[root@LVS-master ~]#(四)TUN 模式配置
1.LVS server 配置
[root@LVS-master ~]# ifconfig tunl0 10.10.6.200 broadcast 10.10.6.200 netmask 255.255.255.255 up [root@LVS-master ~]# ipvsadm -A -t 10.10.6.200:80 -s rr
【添加ipvsadm條目,-A表示追加條目,-t表示使用tcp協議,-s rr表示使用輪詢算法】
[root@LVS-master ~]# ipvsadm -a -t 10.10.6.200:80 -r 10.10.6.211 -i
【-a表示追加規則,-t表示使用tcp協議,-r表示real-server,-i表示使用tun模型】、
[root@LVS-master ~]# ipvsadm -a -t 10.10.6.200:80 -r 10.10.6.212 -i [root@LVS-master ~]# ipvsadm IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 10.10.6.200:http rr -> 10.10.6.211:http Tunnel 1 0 0 -> 10.10.6.212:http Tunnel 1 0 0 [root@LVS-master ~]#
2.後臺兩個Real Server服務器的配置(以web1爲例,web2相同)
[root@Web1 ~]# ifconfig tunl0 10.10.6.200 broadcast 10.10.6.200 netmask 255.255.255.255 up [root@Web1 ~]# echo 1 > /proc/sys/net/ipv4/conf/tunl0/arp_ignore [root@Web1 ~]# echo 2 > /proc/sys/net/ipv4/conf/tunl0/arp_announce [root@Web1 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore [root@Web1 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
\\ 對於centos6.6系統,一定下面兩行一定要加上,否則,real server會認爲收到的數據包非法,直接丟棄。對於其它系統沒有做過測試。網上很多資料上都沒有這一點,因此花費了我很長時間來解決TUN失敗的問題。
[root@Web1 ~]# echo 0 > /proc/sys/net/ipv4/conf/tunl0/rp_filter [root@Web1 ~]# echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
\\ 網上很多資料說要加上下面這一行,不過我沒加,也能正常使用。可能和我的real server 是單網卡,使用默認路由有關係
[root@Web1 ~]# route add -host 10.10.6.200 dev tunl0 [root@Web1 ~]# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.10.6.200 * 255.255.255.255 UH 0 0 0 tunl0 10.10.6.0 * 255.255.255.0 U 0 0 0 eth0 link-local * 255.255.0.0 U 1002 0 0 eth0 default 10.10.6.254 0.0.0.0 UG 0 0 0 eth0 [root@Web1 ~]#
3.測試
http://10.10.6.200
第一次訪問
第二次訪問
[root@LVS-master ~]# ipvsadm -Lnc IPVS connection entries pro expire state source virtual destination TCP 14:57 ESTABLISHED 192.168.19.63:65441 10.10.6.200:80 10.10.6.211:80 TCP 14:57 ESTABLISHED 192.168.19.63:65440 10.10.6.200:80 10.10.6.212:80 TCP 14:57 ESTABLISHED 192.168.19.63:65442 10.10.6.200:80 10.10.6.212:80 [root@LVS-master ~]#
LVS /TUN 模式設置成功
4.相關腳本
(1)Director腳本
[root@LVS-master ~]# vi tun.sh
[root@LVS-master ~]# more tun.sh
#!/bin/sh
# description: start LVS of Directorserver
VIP=10.10.6.200
DIP=10.10.6.201
RIP1=10.10.6.211
RIP2=10.10.6.212
GW=10.10.6.254
. /etc/rc.d/init.d/functions
case "$1" in
start)
echo " start LVS of DirectorServer"
# set the Virtual IP Address
/sbin/ifconfig tunl0 $VIP broadcast $VIP netmask 255.255.255.0 up
/sbin/route add -host $VIP dev tunl0
#Clear IPVS table
/sbin/ipvsadm -C
#set LVS
/sbin/ipvsadm -A -t $VIP:80 -s rr
/sbin/ipvsadm -a -t $VIP:80 -r $RIP1:80 -i
/sbin/ipvsadm -a -t $VIP:80 -r $RIP2:80 -i
#Run LVS
/sbin/ipvsadm
#end
;;
stop)
echo "close LVS Directorserver"
ifconfig tunl0 down
/sbin/ipvsadm -C
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
[root@LVS-master ~]#
[root@LVS-master ~]# chmod +x tun.sh
[root@LVS-master ~]# ./tun.sh start(2)Real Server啓動腳本(以web1爲例,web2相同)
[root@Web1 ~]# vi tun-rs.sh
[root@Web1 ~]# more tun-rs.sh
#!/bin/bash
#
# Script to start LVS TUN real server.
# description: LVS TUN real server
#
. /etc/rc.d/init.d/functions
VIP=10.10.6.200
case "$1" in
start)
# Start LVS-TUN real server on this machine.
/sbin/ifconfig tunl0 $VIP broadcast $VIP netmask 255.255.255.255 up
# /sbin/route add -host $VIP dev tunl0
echo 1 > /proc/sys/net/ipv4/conf/tunl0/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/tunl0/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/tunl0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
;;
stop)
# Stop LVS-TUN real server loopback device(s).
/sbin/ip addr flush tunl0
/sbin/ifconfig tunl0 down
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
;;
status)
# Status of LVS-TUN real server.
islothere=`/sbin/ifconfig tunl0 | grep $VIP`
isrothere=`netstat -rn | grep "tunl0" | grep $VIP`
if [ ! "$islothere" -o ! "isrothere" ];then
# Either the route or the tunl0 device
# not found.
echo "LVS-TUN real server Stopped."
else
echo "LVS-TUN real server Running."
fi
;;
*)
# Invalid entry.
echo "$0: Usage: $0 {start|status|stop}"
exit 1
;;
esac
[root@Web1 ~]# chmod +x tun-rs.sh
[root@Web1 ~]# ./tun-rs.sh start
[root@Web1 ~]#